diff options
| author | Jason Unovitch <junovitch@FreeBSD.org> | 2015-09-21 11:08:22 +0000 |
|---|---|---|
| committer | Jason Unovitch <junovitch@FreeBSD.org> | 2015-09-21 11:08:22 +0000 |
| commit | 6bba20cb7a4a88b3728c153be6b3feb0535b153b (patch) | |
| tree | 679859b202179c6d69c6dc8009ded13c2c080ff6 | |
| parent | 0c57f55ef814a63e29c5062677ab0f12612a9589 (diff) | |
| download | ports-6bba20cb7a4a88b3728c153be6b3feb0535b153b.tar.gz ports-6bba20cb7a4a88b3728c153be6b3feb0535b153b.zip | |
MFH r391555, r392222, r393602, r396106, r396185, r397215, r397476
r391555
www/squid: Support DragonFly SHM segments
Out of the box, squid would not run on dragonfly due to its handling
of SHM segments. On DragonFly, SHM segments are always treated as files
but on FreeBSD it depends on whether or not application is inside a jail.
In any case, the case for DragonFly was no supported, so it has been
added via patch. This also requires the return of /var/run/squid
directory which is where the SHM files are stored (defined by
localstatedir and supported by RC script). The RC script would define
this directory if missing, but let's make sure it is always available.
PR: 201405
Submitted by: marino
Approved by: maintainer (timp87/gmail)
r392222
www/squid: pkg-list fix
- add missing pkg-plist entry (SSL_CRTD option)
PR: 201463
Submitted by: s3erios@gmail.com
Approved by: timp87@gmail.com (maintainer)
r393602
www/squid: update 3.5.6 -> 3.5.7
- Fix build with ecap by clang
- Get rid of useless and always empty /var/squid/logs
- Rework patches to make portlint a bit happier
PR: 202053
Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer)
r396106
www/squid: update 3.5.7 -> 3.5.8
PR: 202826
Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer)
Approved by: feld (mentor)
r396185
Fix TP_IPF build.
r397215
Rather than produce a warning message that IPv6 is not supported
under ipfilter 4 (FreeBSD 9) every tenth time, reduce the message
to one in a million. This has the effect of displaying the message
at or shortly after startup with a reminder every blue moon.
PR: 202950
r397476
www/squid: security update and build fix
- security update 3.5.8 -> 3.5.9 [1]
- Fix TP_IPF build on FreeBSD 9 [2]
PR: 203186 [1]
PR: 202950 [2]
Approved by: Pavel Timofeev <timp87@gmail.com> (maintainer) [1]
Security: d3a98c2d-5da1-11e5-9909-002590263bf5
Approved by: portmgr (erwin)
Notes
Notes:
svn path=/branches/2015Q3/; revision=397486
| -rw-r--r-- | www/squid/Makefile | 10 | ||||
| -rw-r--r-- | www/squid/distinfo | 4 | ||||
| -rw-r--r-- | www/squid/files/extra-patch-build-8-9 | 6 | ||||
| -rw-r--r-- | www/squid/files/patch-bug4190 | 41 | ||||
| -rw-r--r-- | www/squid/files/patch-compat_compat.h | 4 | ||||
| -rw-r--r-- | www/squid/files/patch-compat_shm.cc | 11 | ||||
| -rw-r--r-- | www/squid/files/patch-configure | 93 | ||||
| -rw-r--r-- | www/squid/files/patch-configure_GSSAPI_NONE | 11 | ||||
| -rw-r--r-- | www/squid/files/patch-configure_NIS | 12 | ||||
| -rw-r--r-- | www/squid/files/patch-configure_crypt.h | 29 | ||||
| -rw-r--r-- | www/squid/files/patch-src-cf.data.pre | 8 | ||||
| -rw-r--r-- | www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc | 6 | ||||
| -rw-r--r-- | www/squid/files/patch-src__ip__Intercept.cc | 15 | ||||
| -rw-r--r-- | www/squid/files/patch-src_ipc_mem_Segment.cc | 6 | ||||
| -rw-r--r-- | www/squid/files/patch-src_tools.cc | 6 | ||||
| -rw-r--r-- | www/squid/pkg-plist | 3 |
16 files changed, 142 insertions, 123 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile index 8b4806c52951..689f237cca89 100644 --- a/www/squid/Makefile +++ b/www/squid/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= squid -PORTVERSION= 3.5.6 +PORTVERSION= 3.5.9 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ @@ -255,12 +255,6 @@ CONFIGURE_ARGS+= --enable-auth-basic="${basic_auth}" \ --enable-auth-negotiate="${negotiate_auth}" \ --enable-auth-ntlm="${ntlm_auth}" -.if ${PORT_OPTIONS:MECAP} -. if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000000 -BROKEN= Squid with eCAP enabled can't be compiled by clang -. endif -.endif - # Storage schemes: storage_schemes= ufs diskio_modules= AIO Blocking IpcIo Mmapped @@ -354,8 +348,6 @@ post-install: ${STAGEDIR}${EXAMPLESDIR} @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR}) - ${MKDIR} ${STAGEDIR}/var/squid/logs - ${RMDIR} ${STAGEDIR}/var/run/squid .include <bsd.port.pre.mk> diff --git a/www/squid/distinfo b/www/squid/distinfo index 4ec08d9cea81..f9580160463e 100644 --- a/www/squid/distinfo +++ b/www/squid/distinfo @@ -1,2 +1,2 @@ -SHA256 (squid3.5/squid-3.5.6.tar.xz) = cd080e8d5eaabebf6808792751322bd05f2a9c8fe4377f54c7155682ef6c38d5 -SIZE (squid3.5/squid-3.5.6.tar.xz) = 2291152 +SHA256 (squid3.5/squid-3.5.9.tar.xz) = 9e9a3dc16e6f97258f2c3589dc6163bec20fb9369aec1fe03612dbca76d185d3 +SIZE (squid3.5/squid-3.5.9.tar.xz) = 2296384 diff --git a/www/squid/files/extra-patch-build-8-9 b/www/squid/files/extra-patch-build-8-9 index 7c4dc1d70c99..337c147bd879 100644 --- a/www/squid/files/extra-patch-build-8-9 +++ b/www/squid/files/extra-patch-build-8-9 @@ -1,6 +1,6 @@ ---- helpers/negotiate_auth/kerberos/negotiate_kerberos.h.orig 2015-04-04 11:08:51.000000000 +0400 -+++ helpers/negotiate_auth/kerberos/negotiate_kerberos.h 2015-04-04 11:11:10.000000000 +0400 -@@ -135,7 +135,7 @@ +--- helpers/negotiate_auth/kerberos/negotiate_kerberos.h.orig 2015-08-01 06:08:17 UTC ++++ helpers/negotiate_auth/kerberos/negotiate_kerberos.h +@@ -140,7 +140,7 @@ int check_gss_err(OM_uint32 major_status char *gethost_name(void); diff --git a/www/squid/files/patch-bug4190 b/www/squid/files/patch-bug4190 deleted file mode 100644 index 08460dbd934f..000000000000 --- a/www/squid/files/patch-bug4190 +++ /dev/null @@ -1,41 +0,0 @@ ---- src/auth/User.cc.orig 2015-03-18 13:22:42.134592000 +0300 -+++ src/auth/User.cc 2015-03-18 13:26:48.850592000 +0300 -@@ -309,10 +309,7 @@ - Auth::User::BuildUserKey(const char *username, const char *realm) - { - SBuf key; -- if (realm) -- key.Printf("%s:%s", username, realm); -- else -- key.append(username, strlen(username)); -+ key.Printf("%s:%s", username, realm); - return key; - } - -@@ -368,11 +365,11 @@ - if (aString) { - assert(!username_); - username_ = xstrdup(aString); -- // NP: param #2 is working around a c_str() data-copy performance regression -- userKey_ = BuildUserKey(username_, (!requestRealm_.isEmpty() ? requestRealm_.c_str() : NULL)); -+ if (!requestRealm_.isEmpty()) -+ userKey_ = BuildUserKey(username_, requestRealm_.c_str()); -+ - } else { - safe_free(username_); -- userKey_.clear(); - } - } - ---- src/auth/User.h.orig 2015-03-18 13:27:30.809059000 +0300 -+++ src/auth/User.h 2015-03-18 13:28:22.078121000 +0300 -@@ -65,8 +65,7 @@ - char const *username() const { return username_; } - void username(char const *); ///< set stored username and userKey - -- // NP: key is set at the same time as username_. Until then both are empty/NULL. -- const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : NULL;} -+ const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;} - - /** - * How long these credentials are still valid for. diff --git a/www/squid/files/patch-compat_compat.h b/www/squid/files/patch-compat_compat.h index dd024d910da0..00f614c05c69 100644 --- a/www/squid/files/patch-compat_compat.h +++ b/www/squid/files/patch-compat_compat.h @@ -1,5 +1,5 @@ ---- compat/compat.h.orig 2015-02-26 17:09:19.142090018 +0300 -+++ compat/compat.h 2015-02-26 17:09:42.440097986 +0300 +--- compat/compat.h.orig 2015-08-01 06:08:17 UTC ++++ compat/compat.h @@ -42,17 +42,6 @@ #endif #endif diff --git a/www/squid/files/patch-compat_shm.cc b/www/squid/files/patch-compat_shm.cc new file mode 100644 index 000000000000..2fd035f960ef --- /dev/null +++ b/www/squid/files/patch-compat_shm.cc @@ -0,0 +1,11 @@ +--- compat/shm.cc.orig 2015-05-28 11:06:38 UTC ++++ compat/shm.cc +@@ -29,6 +29,8 @@ shm_portable_segment_name_is_path() + size_t len = sizeof(jailed); + ::sysctlbyname("security.jail.jailed", &jailed, &len, NULL, 0); + return !jailed; ++#elif defined (__DragonFly__) ++ return true; + #else + return false; + #endif diff --git a/www/squid/files/patch-configure b/www/squid/files/patch-configure new file mode 100644 index 000000000000..1606a92a36b0 --- /dev/null +++ b/www/squid/files/patch-configure @@ -0,0 +1,93 @@ +--- configure.orig 2015-09-01 12:53:55.000000000 -0700 ++++ configure 2015-09-05 00:14:50.050817462 -0700 +@@ -23624,7 +23624,9 @@ + + if test $ac_with_krb5_count -gt 1 ; then + as_fn_error $? "Please choose only one Kerberos library." "$LINENO" 5 +-elif test $ac_with_krb5_count -eq 0 ; then ++# XXX: On FreeBSD we don't need to involve krb5-config. ++# This change makes GSSAPI_NONE work properly. ++elif test $ac_with_krb5_count -eq 100 ; then + # find installed libs via pkg-config or krb5-config + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gssapi-krb5 krb5\""; } >&5 +@@ -32038,7 +32040,7 @@ + ## + + BUILD_HELPER="NIS" +-for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h ++for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h + do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` + ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " +@@ -32053,8 +32055,10 @@ + #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 + _ACEOF + +-else +- BUILD_HELPER="" ++# XXX: On FreeBSD we have to do this to make NIS work ++# until https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188247 ++# is resolved. ++ BUILD_HELPER="NIS" + fi + + done +@@ -32519,7 +32523,7 @@ + + # unconditionally requires crypt(3), for now + if test "x$ac_cv_func_crypt" != "x"; then +- for ac_header in unistd.h crypt.h shadow.h ++ for ac_header in unistd.h rpcsvc/crypt.h shadow.h + do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` + ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +@@ -34574,7 +34578,7 @@ + arpa/nameser.h \ + assert.h \ + bstring.h \ +- crypt.h \ ++ rpcsvc/crypt.h \ + ctype.h \ + direct.h \ + errno.h \ +@@ -34785,6 +34789,7 @@ + #include <netinet/ip.h> + #endif + #if HAVE_NETINET_IP_COMPAT_H ++#include <net/if.h> /* IFNAMSIZ */ + #include <netinet/ip_compat.h> + #endif + #if HAVE_NETINET_IP_FIL_H +@@ -38773,6 +38778,7 @@ + # include <sys/ioccom.h> + # include <netinet/in.h> + ++# include <net/if.h> /* IFNAMSIZ */ + # include <netinet/ip_compat.h> + # include <netinet/ip_fil.h> + # include <netinet/ip_nat.h> +@@ -38803,6 +38809,7 @@ + # include <sys/ioccom.h> + # include <netinet/in.h> + #undef minor_t ++# include <net/if.h> /* IFNAMSIZ */ + # include <netinet/ip_compat.h> + # include <netinet/ip_fil.h> + # include <netinet/ip_nat.h> +@@ -38847,6 +38854,7 @@ + ip_fil_compat.h \ + ip_fil.h \ + ip_nat.h \ ++ net/if.h \ + netinet/ip_compat.h \ + netinet/ip_fil_compat.h \ + netinet/ip_fil.h \ +@@ -38876,6 +38884,7 @@ + #if HAVE_IP_COMPAT_H + #include <ip_compat.h> + #elif HAVE_NETINET_IP_COMPAT_H ++#include <net/if.h> /* IFNAMSIZ */ + #include <netinet/ip_compat.h> + #endif + #if HAVE_IP_FIL_H diff --git a/www/squid/files/patch-configure_GSSAPI_NONE b/www/squid/files/patch-configure_GSSAPI_NONE deleted file mode 100644 index 224dfa120ac1..000000000000 --- a/www/squid/files/patch-configure_GSSAPI_NONE +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.orig 2015-05-28 21:06:54.111809946 +0300 -+++ configure 2015-05-28 21:07:20.776834346 +0300 -@@ -23549,7 +23549,7 @@ - - if test $ac_with_krb5_count -gt 1 ; then - as_fn_error $? "Please choose only one Kerberos library." "$LINENO" 5 --elif test $ac_with_krb5_count -eq 0 ; then -+elif test $ac_with_krb5_count -eq 100 ; then - # find installed libs via pkg-config or krb5-config - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gssapi-krb5 krb5\""; } >&5 diff --git a/www/squid/files/patch-configure_NIS b/www/squid/files/patch-configure_NIS deleted file mode 100644 index 3ee1d4683a3c..000000000000 --- a/www/squid/files/patch-configure_NIS +++ /dev/null @@ -1,12 +0,0 @@ ---- configure.orig 2015-03-11 10:22:50.000000000 +0400 -+++ configure 2015-03-11 10:27:05.000000000 +0400 -@@ -31858,8 +31858,7 @@ - #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 - _ACEOF - --else -- BUILD_HELPER="" -+ BUILD_HELPER="NIS" - fi - - done diff --git a/www/squid/files/patch-configure_crypt.h b/www/squid/files/patch-configure_crypt.h deleted file mode 100644 index 2fc6d56520af..000000000000 --- a/www/squid/files/patch-configure_crypt.h +++ /dev/null @@ -1,29 +0,0 @@ ---- configure.orig 2015-02-27 14:32:14.424780752 +0300 -+++ configure 2015-02-27 14:33:30.345774382 +0300 -@@ -31843,7 +31843,7 @@ - ## - - BUILD_HELPER="NIS" --for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h -+for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h - do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` - ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " -@@ -32319,7 +32319,7 @@ - - # unconditionally requires crypt(3), for now - if test "x$ac_cv_func_crypt" != "x"; then -- for ac_header in unistd.h crypt.h shadow.h -+ for ac_header in unistd.h rpcsvc/crypt.h shadow.h - do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` - ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -@@ -34263,7 +34263,7 @@ - arpa/nameser.h \ - assert.h \ - bstring.h \ -- crypt.h \ -+ rpcsvc/crypt.h \ - ctype.h \ - direct.h \ - errno.h \ diff --git a/www/squid/files/patch-src-cf.data.pre b/www/squid/files/patch-src-cf.data.pre index a71e93eb79d6..572ca8a842e7 100644 --- a/www/squid/files/patch-src-cf.data.pre +++ b/www/squid/files/patch-src-cf.data.pre @@ -1,13 +1,13 @@ ---- src/cf.data.pre.orig 2015-02-26 17:56:12.817890613 +0300 -+++ src/cf.data.pre 2015-02-26 17:56:41.556917775 +0300 -@@ -4461,6 +4461,10 @@ +--- src/cf.data.pre.orig 2015-08-01 06:08:17 UTC ++++ src/cf.data.pre +@@ -4537,6 +4537,10 @@ DEFAULT: @DEFAULT_PID_FILE@ LOC: Config.pidFilename DOC_START A filename to write the process-id to. To disable, enter "none". + + Note: If you change this setting, you need to set squid_pidfile + in /etc/rc.conf to reflect the new value. Please see -+ %%PREFIX%%/etc/rc.d/squid for details. ++ /usr/local/etc/rc.d/squid for details. DOC_END NAME: client_netmask diff --git a/www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc b/www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc index 0c0fb850ada5..3bf400a3c649 100644 --- a/www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc +++ b/www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc @@ -1,6 +1,6 @@ ---- src/DiskIO/Mmapped/MmappedFile.cc.orig 2015-04-15 10:39:56.146312000 +0300 -+++ src/DiskIO/Mmapped/MmappedFile.cc 2015-04-15 10:40:53.487834000 +0300 -@@ -235,7 +235,7 @@ +--- src/DiskIO/Mmapped/MmappedFile.cc.orig 2015-08-01 06:08:17 UTC ++++ src/DiskIO/Mmapped/MmappedFile.cc +@@ -235,7 +235,7 @@ Mmapping::map() static const int pageSize = getpagesize(); delta = offset % pageSize; diff --git a/www/squid/files/patch-src__ip__Intercept.cc b/www/squid/files/patch-src__ip__Intercept.cc new file mode 100644 index 000000000000..818192542317 --- /dev/null +++ b/www/squid/files/patch-src__ip__Intercept.cc @@ -0,0 +1,15 @@ +--- src/ip/Intercept.cc.orig 2015-09-01 12:52:00.000000000 -0700 ++++ src/ip/Intercept.cc 2015-09-17 21:52:44.892553613 -0700 +@@ -202,10 +202,10 @@ + // for NAT lookup set local and remote IP:port's + if (newConn->remote.isIPv6()) { + #if IPFILTER_VERSION < 5000003 +- // warn once every 10 at critical level, then push down a level each repeated event ++ // warn once every million at critical level, then push down a level each repeated event + static int warningLevel = DBG_CRITICAL; + debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); +- warningLevel = ++warningLevel % 10; ++ warningLevel = (warningLevel + 1) % 1048576; + return false; + #else + natLookup.nl_v = 6; diff --git a/www/squid/files/patch-src_ipc_mem_Segment.cc b/www/squid/files/patch-src_ipc_mem_Segment.cc index adef66211481..3bcb01bcb1de 100644 --- a/www/squid/files/patch-src_ipc_mem_Segment.cc +++ b/www/squid/files/patch-src_ipc_mem_Segment.cc @@ -1,6 +1,6 @@ ---- src/ipc/mem/Segment.cc.orig 2015-04-15 10:38:29.724278000 +0300 -+++ src/ipc/mem/Segment.cc 2015-04-15 10:39:37.130756000 +0300 -@@ -150,7 +150,7 @@ +--- src/ipc/mem/Segment.cc.orig 2015-08-01 06:08:17 UTC ++++ src/ipc/mem/Segment.cc +@@ -150,7 +150,7 @@ Ipc::Mem::Segment::attach() assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize))); void *const p = diff --git a/www/squid/files/patch-src_tools.cc b/www/squid/files/patch-src_tools.cc index c7a636c5c175..283102ee5701 100644 --- a/www/squid/files/patch-src_tools.cc +++ b/www/squid/files/patch-src_tools.cc @@ -1,6 +1,6 @@ ---- src/tools.cc.orig 2014-08-19 13:38:40.000000000 +0400 -+++ src/tools.cc 2014-08-19 13:39:00.000000000 +0400 -@@ -735,7 +735,7 @@ +--- src/tools.cc.orig 2015-08-01 06:08:17 UTC ++++ src/tools.cc +@@ -635,7 +635,7 @@ no_suid(void) uid = geteuid(); debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever"); diff --git a/www/squid/pkg-plist b/www/squid/pkg-plist index 66076733b506..130f1fc29db7 100644 --- a/www/squid/pkg-plist +++ b/www/squid/pkg-plist @@ -2171,11 +2171,12 @@ man/man8/ext_unix_group_acl.8.gz %%AUTH_SMB%%man/man8/ext_wbinfo_group_acl.8.gz %%AUTH_KERB%%man/man8/negotiate_kerberos_auth.8.gz man/man8/squid.8.gz +%%SSL_CRTD%%man/man8/ssl_crtd.8.gz man/man8/storeid_file_rewrite.8.gz sbin/purge sbin/squid sbin/squidclient @dir(squid,squid,750) /var/log/squid +@dir(squid,squid,750) /var/run/squid @dir(squid,squid,750) /var/squid @dir(squid,squid,750) /var/squid/cache -@dir(squid,squid,750) /var/squid/logs |